Despite the common refrain of "it's not a matter of if, but when" in relation to dealing with a privacy breach, companies are still struggling to implement data privacy protocols, according to a recent TechRepublic Premium survey.
Of the 186 professionals surveyed in July 2020, 37% said that their company did not have a dedicated privacy team, while 44% said their company's privacy team had one to five employees. Only 6% of respondents claimed 10 or more members on their company's privacy team.
Barriers to data privacy
Other barriers to data privacy included corporate culture (37%), lack of knowledge (35%), financial cost (33%), lack of resources (33%), integration with existing tools (28%), lack of technical skills (25%), and lack of leadership (24%).
Other respondents cited the complexity of GDPR (18%), lack of available technology (8%), and a business model that relies on user surveillance (8%) as challenges to enabling data privacy.
The General Data Protection Regulation (GDPR), a set of regulations designed to protect the data security and privacy of all EU citizens and any business entity that transacts with them, went into effect May 25, 2018. Yet 16% of applicable respondents admitted that their organizations were not meeting requirements, 16% were still in the process of meeting requirements, and 26% were unsure about their company's compliance. Among respondents, 35% were meeting all GDPR requirements.
When it comes to the California Consumer Privacy Act (CCPA), a state statute intended to enhance privacy rights and consumer protection specifically for California residents, 26% of applicable respondents were meeting or were in the process of meeting all requirements, 14% were not meeting requirements, and 28% were unsure of their company's compliance.
A wide range of tools is available to help companies carry out their data privacy initiatives. The majority of respondents are implementing or considering data backup/recovery solutions (62%). More than half of respondents use or are considering endpoint protection (54%), data loss prevention (52%), and encryption software (52%). Close to half of the respondents use or may use Identity and Access Management (IAM) (48%) or Mobile Device Management (MDM) (43%). Other tools being used or considered are compliance software (30%), Customer Data Management (CDM) platforms (19%), and consent management applications (16%).
Who is responsible for protecting data privacy?
The majority of survey respondents (51%) reported that IT is responsible for their organization's data privacy. Further, respondents identified the privacy leader within their organizations as the chief information officer (CIO)/chief technology officer (CTO) at 21%, the data protection officer (DPO) at 16%, the chief information security officer (CISO) at 11%, the chief privacy officer (CPO) at 8%, and the general counsel/chief counsel/chief legal officer (CLO) at 5%. In addition, 19% of respondents were unsure who their privacy leader was, 16% said 'other', and 5% said their organization was in the process of creating a position for this task.
To read more findings, plus analysis, download the full report: Report: SMBs unprepared to tackle data privacy (available for TechRepublic Premium subscribers).